
Re: OPENLDAP SYNCREPL



Borresen, John - 0442 - MITLL wrote:
Thanks, Howard;

In hindsight, if my config looks jumbled, it is...that's what I get for
doing little things in a quasi-blind attempt at solving issues.

Quanah's followup was correct: you have the consumer configured for delta-syncrepl but you're missing the provider on your cn=accesslog database.

See the Admin Guide section 18.3.2.
http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20different%20replication%20types

*******Here is the output of slapcat on the Provider:**********

# slapcat -s olcDatabase=\{1}bdb,cn=config
dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/1
 2/18 11:53:27 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}#<http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: uidNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: ipHostNumber eq
olcDbIndex: gidNumber,memberUID eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8
creatorsName: cn=config
createTimestamp: 20111219143532Z
olcDbSearchStack: 32
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDatabase: {1}bdb
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" size=unlimited time=u
 nlimited
entryCSN: 20120313163732.658240Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313163732Z

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca
creatorsName: cn=admin,cn=config
createTimestamp: 20120224171809Z
olcSpReloadHint: TRUE
olcSpCheckpoint: 1000 60
entryCSN: 20120312145000.123929Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120312145000Z

dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogPurge: 07+00:00 01+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig
entryUUID: eea1e438-6385-4660-807b-bb270eb4843a
creatorsName: cn=admin,cn=config
createTimestamp: 20120229161649Z
entryCSN: 20120229161649.880441Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229161649Z

# slapcat -s olcDatabase=\{2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDbDirectory: /var/lib/ldap_db/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: 446c6c64-a899-4f37-9498-cb4a349d3b48
creatorsName: cn=admin,cn=config
createTimestamp: 20120229153826Z
olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" time.soft=unlimited t
 ime.hard=unlimited size.soft=unlimited size.hard=unlimited
olcDatabase: {2}bdb
entryCSN: 20120313143637.046410Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120313143637Z




################################################
***Here is the output of slapcat from the Consumer***
# slapcat -s olcDatabase=\{2}bdb,cn=config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=group42,dc=ldap
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
olcRootPW:: ***************
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap_db/openldap-data
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.4 2007/1
 2/18 11:51:46 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}#<http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: departmentNumber eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
 us auth by * none
olcAccess: {1} to * by * read
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008
creatorsName: cn=config
createTimestamp: 20120229205835Z
olcDatabase: {2}bdb
olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636
olcMirrorMode: TRUE
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
 =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=********* interva
 l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach
 ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=
 "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23
 /etc/openldap/cacerts
entryCSN: 20120313150609.224840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120313150609Z

dn: olcOverlay={0}memberof,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
structuralObjectClass: olcMemberOf
entryUUID: 363ad8ed-872c-4fff-99c1-4f73d3e8055d
creatorsName: cn=admin,cn=config
createTimestamp: 20120302121345Z
entryCSN: 20120302121345.220702Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302121345Z

dn: olcOverlay={1}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 69ca3f6a-1ac4-45f9-88ca-eb7f67ca7b63
creatorsName: cn=admin,cn=config
createTimestamp: 20120302141557Z
entryCSN: 20120302141557.545770Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120302141557Z

I know that the two systems are communicating, at least, at the client level
and attempting to at the slapd level.  As stated earlier, the only error I'm
seeing consistently on the Consumer is:
do_syncrep2: rid=001 got search entry without Sync State control
do_syncrepl: rid=001 rc -1 retrying


David Borresen
ph:  781-981-2954
email: john.d.borresen@ll.mit.edu


-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Tuesday, March 13, 2012 2:01 PM
To: Borresen, John - 0442 - MITLL
Cc: Quanah Gibson-Mount; openldap-technical@openldap.org
Subject: Re: OPENLDAP SYNCREPL

Borresen, John - 0442 - MITLL wrote:
Thanks, Quanah;

As requested:

That was clearly not the problem; if the syncprov module was missing your
config would have caused slapd to fail to start. Also it was clearly present
since you had it updating the contextCSN in your shutdown log. Quanah, you
should have already seen that and not sent him on a wild goose chase.

And, one more time: DO NOT DIRECTLY ACCESS THE FILES IN THE CONFIG
DIRECTORY.

Use the database administration tools. For your previous case, you should
have simply used:
	slapcat -s olcDatabase=\{1\}bdb,cn=config

Make sure the consumer is talking to the server you think it is. Show slapd
-d7 output from the provider while the consumer is trying to connect.



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
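
The gap pointed out at the top of this message, a delta-syncrepl consumer reading logbase cn=accesslog while the provider has syncprov only on the main database, can be checked mechanically from slapcat output. This is an added example, not code from the thread or from the OpenLDAP project: the entries are constructed excerpts of the configs quoted above, the function names are hypothetical, and the LOGDB_SYNCPROV entry follows the Admin Guide's delta-syncrepl provider settings.

```python
import re
# Constructed excerpts of the thread's cn=config; LOGDB_SYNCPROV follows the Admin Guide.
PROVIDER = """\
dn: olcDatabase={1}bdb,cn=config
olcSuffix: dc=group42,dc=ldap

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config

dn: olcDatabase={2}bdb,cn=config
olcSuffix: cn=accesslog
"""
LOGDB_SYNCPROV = """
dn: olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
"""
CONSUMER = """\
dn: olcDatabase={2}bdb,cn=config
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 logbase="c
 n=accesslog" type=refreshAndPersist syncdata=accesslog
"""

def parse_ldif(text):
    """Return entries as {attr: [values]}; folded lines are joined, base64 is not decoded."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in re.sub(r"\n ", "", block).splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.lower(), []).append(value.strip())
        entries += [attrs] if "dn" in attrs else []
    return entries

def has_syncprov(entries, suffix):
    """True if the database serving `suffix` has a syncprov overlay entry beneath it."""
    dbs = {e["dn"][0].lower() for e in entries
           if suffix.lower() in map(str.lower, e.get("olcsuffix", []))}
    return any(re.match(r"olcoverlay=(\{\d+\})?syncprov,", e["dn"][0], re.I)
               and e["dn"][0].lower().split(",", 1)[1] in dbs for e in entries)

def logdbs_without_syncprov(provider_ldif, consumer_ldif):
    """Log bases that delta-syncrepl consumers read but the provider does not serve."""
    bases = [m.group(1) for e in parse_ldif(consumer_ldif) for v in e.get("olcsyncrepl", [])
             if "syncdata=accesslog" in v for m in re.finditer(r'logbase="([^"]+)"', v)]
    return [b for b in bases if not has_syncprov(parse_ldif(provider_ldif), b)]
```

With the constructed excerpts the check reports cn=accesslog, and it reports nothing once LOGDB_SYNCPROV is appended to the provider config.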